aeleos / cloudflared

Cloudflare Tunnel Instructions and Template for Unraid
173 stars 21 forks source link

Error writing cert , permission denied #20

Open psycmos opened 2 years ago

psycmos commented 2 years ago

Hi Aeleos. I'm trying to install tunel on unraid, but i receive this error message " ... Leave cloudflared running to download the cert automatically. error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied "

I don't know why, but it haven't enough privileges to write certificate file. So, if you have some idea do solve that issue, let me know.

ltomes commented 2 years ago

The nuclear option would be:

chown -R nobody:users /mnt/user/appdata/cloudflared/
chmod -R 777 /mnt/user/appdata/cloudflared/

Once you fix this permissions issue though, another one follows it:

<Timestamp> INF Starting tunnel tunnelID=<UUID>
Tunnel credentials file 'home/nonroot/.cloudflared/<UUID>.json' doesn't exist or is not a file

These files do exist, but the permissions are pretty messed up/most users created these files as root.

After the heavy permission bashing I listed above these files look like so:

ls -li  /mnt/user/appdata/cloudflared/
total 12
<size> -rwxrwxrwx 1 nobody users  188 Nov 27 01:09 <UUID>.json*
<size> -rwxrwxrwx 1 nobody users 1938 Nov 27 01:08 cert.pem*
<size> -rwxrwxrwx 1 nobody users  249 Nov 27 01:13 config.yaml*

This does not resolve the issue for me though, I've tried a few other users for ownership as well and didn't have luck.

aeleos commented 2 years ago

If you are using unraid you may want to try using the docker fix permissions script in the fix common problems plugin. Most likely these permission issues aren't actually to do with the file itself (since it obviously has all of the right permission) but likely related to the permissions on the underlying folder(s). There is also likely other online resources you can use to help solve the problem since the issues aren't related to cloudflared.

Can you post the permissions of your cloudflared folder itself?

IndianaJoe1216 commented 2 years ago

@psycmos I am currently having the same issue. I have run the docker safe new perms command and that has not resolved it. Were you able to get past it?

bclinton1 commented 2 years ago

I am also having this issue. Have tried numerous things like creating the nonroot folder in the home folder and opening that folder up to everyone but I continue to get the error. I change the command to "docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/[unraiduid]/.cloudflared/ cloudflare/cloudflared:2022.4.0-amd64 tunnel login" and ran without the error but I get this..... [Leave cloudflared running to download the cert automatically. You have successfully logged in. If you wish to copy your credentials to a server, they have been saved to: /home/nonroot/.cloudflared/cert.pem]

I look in the home folder and there is no nonroot folder. The only thing in my home folder is my unraid ID name folder.

drewschbag commented 2 years ago

@psycmos I am currently having the same issue. I have run the docker safe new perms command and that has not resolved it. Were you able to get past it?

Instead of using the docker safe new perms in Unraid, use the regular old "new permissions" instead and update the permissions on your appdata share. I think this is related to issues created during the upgrade from 6.9 to 6.10 in unraid that many users experienced, but at any rate, getting new permissions on that appdata share should let you work through these instructions without issue.

rofreixo commented 1 year ago

@psycmos I am currently having the same issue. I have run the docker safe new perms command and that has not resolved it. Were you able to get past it?

Instead of using the docker safe new perms in Unraid, use the regular old "new permissions" instead and update the permissions on your appdata share. I think this is related to issues created during the upgrade from 6.9 to 6.10 in unraid that many users experienced, but at any rate, getting new permissions on that appdata share should let you work through these instructions without issue.

That resolved it! thank you!